QUICK START


Installing and Using pcProx 


This product provides two ways to employ a proximity card as a means of authenticating to the
network. The NMAS™ login method for pcProx* enables you to set up a pcProx card to act like a
traditional password to authenticate the user to the network. This is similar to other login
methods provided for use with NMAS.


NOTE: For security reasons, pcProx should not be the only factor used for authentication. It
should be used with a second factor, such as a biometric device, a smart card, or a password.

The NMAS login ID snap-in enables organizations to utilize their proximity cards to quickly and
easily identify users. For example, instead of requiring users to enter their user IDs when they
authenticate, you can require users to present their proximity cards for identification. You can
then require another form of authentication (password, biometric, etc.) to authenticate the
user. You can also configure this snap-in to replace or complement the password.

This login method supports two types of proximity cards:


+ HID cards 


The HID card requires the user to be sitting in close proximity to the card reader. It stores a 
32-bit identifier and supports one card per reader. 


+ AIR ID cards 


The AIR ID card has a range of 5 to 15 feet from the card reader. It stores a 32-bit identifier 
per card and supports up to 8 cards per reader. 


INSTALLING AND CONFIGURING THE LOGIN METHOD FOR PCPROX 
Information for installing and configuring the login method is provided here. For additional
information, including how to create and authorize login sequences, see the NMAS
Administration Guide at the Novell Documentation Web site
(http://www.novell.com/documentation/lg/nmas20/index.html).




Prerequisites 
You must meet the following prerequisites before installing pcProx: 


+ Windows 98 or later 

+ NMAS 2.02 or later 

+ NMAS 2.1 or later client if you are using the ID snap-ins 

+ USB readers must have firmware (F/W) 1.20 or higher


Steps
As with all login methods, you must complete the following steps to make the login method
available for use:

1 Set up any required hardware.
2 Install the login method.
3 Configure the login method.
4 Create a login sequence.
5 Authorize login sequences for users.
NOTE: Steps 4 and 5 are not necessary for the ID snap-in. 


Setting Up the Hardware 
The login method for pcProx requires each workstation that will use the method to have a pcProx
card reader.


Installing the Login Method for pcProx 
There are three steps in installing and setting up the login method for pcProx: 


1. Update the NMAS Client. 
2. Set up the login method in Novell eDirectory™. 


3. Install the pcProx client module on each workstation. 


Updating the NMAS Client 
In order for the NMAS client to use the pcProx method as a login ID, you must update the NMAS
client. To update the NMAS client, run clientsetup.exe located at the root directory of each
workstation that will use the pcProx login method.


Setting Up the Login Method in eDirectory 
IMPORTANT: Run ConsoleOne® from a Windows* client workstation by using the ConsoleOne
executable located on the server at server:sys\public\mgmt\consoleone\1.2\bin\consoleone.exe.

In ConsoleOne, expand the Security container.

Right-click the Authorized Login Methods container. 

Select New > Object. 

The New Object Wizard starts. 

Select the SAS:NMAS Login Method class > click OK. 

Specify the configuration file > click Next. 

The configuration file is located in the login method folder and is usually named config.txt.

From the license agreement screen, click Accept > Next.

Accept the default method name or rename it > click Next. 

Review the available modules for this method > click Next. 


If you want a login sequence to only use this login method, check the appropriate check box 
> click Finish. 


Review the installation summary > click OK. 


If necessary, close and restart ConsoleOne to run the newly installed ConsoleOne login
method snap-ins. You can then configure the login method and enroll users to use it.


Installing the pcProx Client Module on Each Workstation 
The client module must be installed on each workstation that will use the pcProx login method.

To install the client module, run clientsetup.exe in the pcprox\client directory on each
workstation that will use the login method. Follow the instructions of the installation wizard.

During this installation, you will select which type of card you will be using (HID or AIR ID).

pcProx also allows you to set the number of retries before it locks the workstation. This allows
you to take into account any disruptions due to radio frequency interference.


Configuring the Login Method for pcProx 
After the login method for pcProx is installed, you can manage it using ConsoleOne. 


Manually Setting a pcProx Card for a User 
In ConsoleOne, double-click a User object.

Click the Login Methods tab and select pcProx.

Click the pcProx login method.

Click the Set Card ID radio button.


If you want to scan in a pcProx card ID, place the card on the reader and click Scan. After 
the scan, the card's hexadecimal ID appears in the Card ID field. 


If you want to simply type the ID, type the card ID into the Card ID field. 


Click OK or Apply to save your changes. 


You can also set a pcProx card for a user from the Login IDs tab by clicking the Add button and
scanning or typing the card ID.


Removing a pcProx Card from a User 
In ConsoleOne, double-click a User object.

Click the Login Methods tab and select pcProx. 

Click the pcProx login method. 

Click the Remove Card ID radio button. This flags the pcProx ID for removal from the system. 


Click OK or Apply to save your changes. 


You can also remove a pcProx card from the Login IDs tab by highlighting an ID and clicking the
Delete button.


Allowing a User to Self-Enroll His or Her Card ID 
In ConsoleOne, expand the Security container.

Expand the Authorized Login Methods container. 

Right-click the NMAS Proximity Card method and select Properties.

Click the pcProx tab > Settings. 

Click the Enable self enrollment box. 


Users who have been assigned the pcProx method can enroll their own cards. The first time 
users log in using the pcProx method, they will enter an eDirectory password. They will then 
be prompted to scan the pcProx card. 


Click OK or Apply to save your changes. 


INSTALLING AND CONFIGURING THE LOGIN ID SNAP-IN FOR PCPROX 


Prerequisites 
You must have the following installed in order to use this snap-in: 


+ NMAS 2.02 or later 
+ NMAS Client 2.1 on each workstation that will use the login ID snap-in. 
+ NMAS login method for pcProx on each workstation that will use the login ID snap-in 


Steps 
You must complete the following steps to make the login ID snap-in available for use: 


+ Set up any required hardware. 
+ Install the pcProx method on the client.
+ Add pcProx cards to be used as login IDs. 


Setting Up the Hardware 
The login ID snap-in for pcProx requires each workstation that will use the method to have a
pcProx card reader.


Specify the COM port number or USB during the method installation. 


Installing the Login ID Snap-In for pcProx 
You can choose to install the login ID snap-in from the pcProx method installation wizard. Check
the box next to Use the card reader to obtain the username for login.


Adding a pcProx Card to Be Used as a Login ID
1 In ConsoleOne, double-click on a User object. 


2 Click the Login IDs tab and select pcProx. 
3 Click Add. 


4 Type in the card ID or place the card on the reader and click Scan. The card's hexadecimal 
ID appears in the Card ID field. 


5 Click OK. 


6 Click OK or Apply to save your changes. 


Preventing the Login ID Snap-In from Executing 
A user can prevent the ID snap-in from executing by holding the Ctrl key when the login dialog
starts. This is a useful feature for users who need to occasionally change their login information,
for example, if a user needs to log in to a different tree or server, or use a different NMAS
sequence.


Deleting a pcProx Card Used as a Login ID
1 In ConsoleOne, double-click a User object. 


2 Click the Login IDs tab and select pcProx. 
3 Select a card ID and click Delete. 


4 Click OK or Apply to save your changes. 


USING THE PCPROX ID FOR AUTHENTICATION, USER IDENTIFICATION, AND WITH SECURE WORKSTATION
The assignment of the pcProx ID for authentication and user identification must be made in two
different places in ConsoleOne. To assign the pcProx ID for authentication, use the Login
Methods tab in ConsoleOne. To assign the pcProx ID for identification, use the Login IDs tab.

This was done because the pcProx card contains only a 32-bit number. In order to use the card
for identification, the assignment must be made public in the directory because no user is
logged in. If you choose to use the pcProx method for authentication, Novell recommends that a
second factor of authentication be used as well.


You can also set up pcProx as an event that is monitored by Secure Workstation. When a user logs
in with pcProx and a proximity card, Secure Workstation will monitor that card as an event to
watch. If the user logs in using some other means of authentication, but Secure Workstation
knows there is a card associated with that user, Secure Workstation will prompt the user to
identify their card number.


PCPROX AND CITRIX 

When using pcProx with Citrix, you can set up a virtual channel between the Citrix box and the 
ICA box with a card reader. This will work properly as long as the pcProx client module is 
installed on both the ICA box and the Citrix box. 


REGISTRY KEYS AND VALUES FOR THE PCPROX METHOD 
Key: HKLM\SOFTWARE\Novell\NMAS\MethodData\pcProx


Value: comid
Type: DWORD

Data: The COM port that the reader is attached to. A value of -1
(0xffffffff) signifies USB.


Value: retries 
Type: DWORD 


Data: Specifies the number of consecutive failures that the reader must get before reporting 
a Device Removal Event to Secure Workstation. This is most useful when the AIR ID readers 
are used in areas with a lot of interference. 


REGISTRY KEYS AND VALUES FOR THE PCPROX ID SNAP-IN 
Key: HKLM\SOFTWARE\Novell\NMAS\pcProx\ID


Value: Sequence 
Type: String 


Data: The name of the sequence to be used when a user ID is obtained from the device. If 
this value exists but has no data, then the user's default sequence will be used. 


Value: Tree
Type: String

Data: The tree name to be used when a user ID is obtained from the device.


Value: Server
Type: String

Data: The server to be used for login when a user ID is obtained from the device.


Key: HKLM\SOFTWARE\Novell\NMAS\<<Method Name>>\ID\LDAPServers

This key contains an ordered list of LDAP servers that will be queried
for the user name when data is read from the device.
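
The values in the two registry sections above can be checked across workstations from a registry export. The following is an added example, not part of the Novell documentation: it parses REGEDIT4-style export text and interprets comid, retries and Sequence as this page documents them. The function names, the choice of a .reg export as input, and the sample data are assumptions of this example.

```python
import re

# Key paths and value names as documented on this page.
METHOD_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Novell\NMAS\MethodData\pcProx"
ID_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Novell\NMAS\pcProx\ID"

def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: int or str}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if m and current is not None:
            name, data = m.groups()
            if data.startswith("dword:"):
                current[name] = int(data[6:], 16)
            elif len(data) >= 2 and data[0] == data[-1] == '"':
                current[name] = data[1:-1].replace("\\\\", "\\")
    return keys

def summarize(keys):
    """Interpret the values the way the page describes them."""
    method, ident = keys.get(METHOD_KEY, {}), keys.get(ID_KEY, {})
    comid, seq = method.get("comid"), ident.get("Sequence")
    # 0xffffffff is -1 stored as a DWORD, which the page says signifies USB.
    reader = {None: "value absent", 0xFFFFFFFF: "USB"}.get(comid, f"COM port {comid}")
    # A Sequence value that exists with no data selects the user's default sequence.
    sequence = "value absent" if seq is None else (seq or "user's default sequence")
    return {"reader": reader, "retries": method.get("retries"),
            "sequence": sequence, "tree": ident.get("Tree"),
            "server": ident.get("Server")}

# Constructed sample export, not taken from a real workstation.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\NMAS\MethodData\pcProx]
"comid"=dword:ffffffff
"retries"=dword:00000005

[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\NMAS\pcProx\ID]
"Sequence"=""
"Tree"="EXAMPLE-TREE"
'''

if __name__ == "__main__":
    print(summarize(parse_reg(SAMPLE)))
```

Comparing the summary across workstations shows where the retries count or the login sequence differs from the intended configuration.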